LibraryLink ToToggle FramesPrintFeedback

Authorization Plug-In

In a security system without authorization, every successfully authenticated user would have unrestricted access to every queue and every topic in the broker. Using the authorization plug-in, on the other hand, you can restrict access to specific destinations based on a user's group membership.

To configure the authorization plug-in, add an authorizationPlugin element to the list of plug-ins in the broker configuration, as shown in Example 3.6.

The authorization plug-in contains two different kinds of entry, as follows:

A named destination is just an ordinary JMS queue or topic (these destinations are named, in contrast to temporary destinations which have no permanent identity).The authorization entries for ordinary destinations are defined by the authorizationEntry element, which supports the following attributes:

A temporary destination is a special feature of JMS that enables you to create a queue for a particular network connection. The temporary destination exists only as long as the network connection remains open and, as soon as the connection is closed, the temporary destination is deleted on the server side. The original motivation for defining temporary destinations was to facilitate request-reply semantics on a destination, without having to define a dedicated reply destination.

Because temporary destinations have no name, the tempDestinationAuthorizationEntry element does not support any queue or topic attributes. The attributes supported by the tempDestinationAuthorizationEntry element are as follows: